1
linux/security/ipe/eval.h
Deven Bowers 52443cb60c ipe: add LSM hooks on execution and kernel read
IPE's initial goal is to control both execution and the loading of
kernel modules based on the system's definition of trust. It
accomplishes this by plugging into the security hooks for
bprm_check_security, file_mprotect, mmap_file, kernel_load_data,
and kernel_read_data.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2024-08-20 14:01:33 -04:00

30 lines
604 B
C

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_EVAL_H
#define _IPE_EVAL_H
#include <linux/file.h>
#include <linux/types.h>
#include "policy.h"
#define IPE_EVAL_CTX_INIT ((struct ipe_eval_ctx){ 0 })
extern struct ipe_policy __rcu *ipe_active_policy;
struct ipe_eval_ctx {
enum ipe_op_type op;
const struct file *file;
};
void ipe_build_eval_ctx(struct ipe_eval_ctx *ctx,
const struct file *file,
enum ipe_op_type op);
int ipe_evaluate_event(const struct ipe_eval_ctx *const ctx);
#endif /* _IPE_EVAL_H */